69 lines
2.2 KiB
YAML
69 lines
2.2 KiB
YAML
#cloud-config
|
|
write_files:
|
|
- path: /etc/systemd/system/configure-etcd.service
|
|
owner: "root:root"
|
|
permissions: "0644"
|
|
content: |
|
|
[Unit]
|
|
Description=Configure etcd
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
EnvironmentFile=/etc/sysconfig/heat-params
|
|
ExecStart=/etc/sysconfig/configure-etcd.sh
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
|
|
- path: /etc/sysconfig/configure-etcd.sh
|
|
owner: "root:root"
|
|
permissions: "0755"
|
|
content: |
|
|
#!/bin/sh
|
|
|
|
if [ -z "${KUBE_NODE_IP}" ]; then
|
|
KUBE_NODE_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
|
|
fi
|
|
|
|
DROP_IN_FILE=/etc/systemd/system/etcd-member.service.d/20-configure-etcd.conf
|
|
mkdir -p $(dirname $DROP_IN_FILE)
|
|
protocol="https"
|
|
|
|
if [ "$TLS_DISABLED" = "True" ]; then
|
|
protocol="http"
|
|
fi
|
|
cat > $DROP_IN_FILE <<EOF
|
|
[Service]
|
|
EnvironmentFile=/etc/environment
|
|
Environment=ETCD_NAME=$KUBE_NODE_IP
|
|
Environment=ETCD_DATA_DIR=/var/lib/etcd/default.etcd
|
|
Environment=ETCD_LISTEN_CLIENT_URLS=$protocol://$KUBE_NODE_IP:2379,http://127.0.0.1:2379
|
|
Environment=ETCD_LISTEN_PEER_URLS=$protocol://$KUBE_NODE_IP:2380
|
|
|
|
Environment=ETCD_ADVERTISE_CLIENT_URLS=$protocol://$KUBE_NODE_IP:2379,http://127.0.0.1:2379
|
|
Environment=ETCD_INITIAL_ADVERTISE_PEER_URLS=$protocol://$KUBE_NODE_IP:2380
|
|
Environment=ETCD_DISCOVERY=$ETCD_DISCOVERY_URL
|
|
EOF
|
|
|
|
if [ "$TLS_DISABLED" = "False" ]; then
|
|
|
|
cat >> $DROP_IN_FILE <<EOF
|
|
Environment=ETCD_CA_FILE=${KUBE_CERTS_PATH}/ca.pem
|
|
Environment=ETCD_CERT_FILE=${KUBE_CERTS_PATH}/apiserver.pem
|
|
Environment=ETCD_KEY_FILE=${KUBE_CERTS_PATH}/apiserver-key.pem
|
|
Environment=ETCD_PEER_CA_FILE=${KUBE_CERTS_PATH}/ca.pem
|
|
Environment=ETCD_PEER_CERT_FILE=${KUBE_CERTS_PATH}/apiserver.pem
|
|
Environment=ETCD_PEER_KEY_FILE=${KUBE_CERTS_PATH}/apiserver-key.pem
|
|
Environment="RKT_RUN_ARGS=--volume ssl,kind=host,source=${KUBE_CERTS_PATH} \
|
|
--mount volume=ssl,target=${KUBE_CERTS_PATH}"
|
|
EOF
|
|
|
|
fi
|
|
|
|
if [ -n "$HTTP_PROXY" ]; then
|
|
echo "Environment=ETCD_DISCOVERY_PROXY=$HTTP_PROXY" >> $DROP_IN_FILE
|
|
fi
|
|
|
|
systemctl enable etcd-member
|
|
systemctl --no-block start etcd-member
|